Closed-Circuit Television (CCTV) Policy

1. Introduction

Alfa Financial Software Limited (“We”, “Us”, “Alfa”) have in place a CCTV surveillance system across its offices. This policy details the purpose, use and management of the CCTV system to ensure that Alfa processes personal data lawfully and complies with the provisions of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”).

Surveillance systems can be used to monitor and record the activities of individuals, often in high definition and with ease. As such, these systems can capture information about identifiable individuals and how they behave. Alfa is committed to using these systems to help provide a safe and secure environment for all its staff and visitors, while also ensuring individuals legal rights are recognised and upheld.

This CCTV Policy has been developed based on the ‘Guidance on Video Surveillance (including CCTV)’ issued by the Information Commissioner’s Office (“ICO”) and constitutes a notification in accordance with the UK GDPR and the DPA.

2. Purpose

Alfa uses CCTV systems located internally within the offices for the following lawful purposes:

• Ensuring the personal safety of staff and visitors
• Assisting in the investigation of suspected breaches of Alfa policies by staff or contractors
• Assisting law enforcement in the prevention, detection and investigation of crime and other workplace incidents

Alfa seeks to operate its CCTV system in a manner that is consistent with respect for the privacy of staff and visitors at all times. To ensure this, the currently installed CCTV cameras are set up for purely visual recording and Alfa will display warning signs clearly and prominently wherever CCTV is in operation.

3.  Operation

Alfa will only collect information that is necessary and relevant for the stated purposes and will not further process that information in a manner that is incompatible with those purposes. Alfa will ensure that the siting of CCTV systems will be made with consideration for individuals right to privacy and its intended purposes. All reasonable measures will be taken to ensure the accuracy of information through regular activities such as checking the quality of images and accuracy of time stamps.

4. Storage

CCTV recordings will be stored securely on servers owned and managed by Alfa and retained for up to 30 days from the date the information was recorded unless required for the stated purpose/s or to fulfil a legal obligation. All recordings older than 30 days will be automatically overwritten unless recordings are required to be retained as part of an ongoing request, investigation or to fulfil a legal obligation.

5. Security

Alfa will take all reasonable steps to maintain the confidentiality, availability and integrity of information captured by the CCTV system including, but not limited to:

• Ensuring access to CCTV recordings is strictly controlled and limited only to authorised individuals that require access as part of their role at Alfa.
• Applying security methods such as encryption, where necessary, when storing CCTV recordings of sharing recordings with third parties and only where it is lawful to do so.
• Providing and mandating completion of appropriate training for individuals with responsibility or access to CCTV footage.

6. Rights of Individuals

Under data protection legislation individuals have the following rights that may be exercised unless an applicable exemption applies:

• To access the personal data we hold on them and to check that we are lawfully processing it.
• To request any incomplete or inaccurate information we hold on them is corrected.
• To request we delete their personal information if it is no longer necessary
• To object to us processing their personal data.
• To request we suspend processing their personal data.
• To request the transfer of their data to other companies.

All requests must be directed to DPO@alfasystems.com and will be responded to within 1 month of receipt subject to verification of the identity of the requester (where appropriate).

7.  Access and Disclosure

Individuals may request copies of information captured by the CCTV systems provided. Alfa is not obliged to fulfil a request if it is not possible to do so without disclosing information about another identifiable individual and it has either not been possible to obtain consent from that individual for disclosure and it is unreasonable to proceed without consent.

7.1. Internal Requests

Where a suspicion of misconduct arises and at the formal request or approval by the Global Data Protection Officer, the Technical Operations Team may provide access to CCTV images for use in staff disciplinary cases.

7.2. External Requests

Requests received from third parties such as law enforcement or other individuals not featured in the information captured by the CCTV system should be made in writing to Global Data Protection Officer at DPO@alfasystems.com who will, at a minimum:

• Assess whether the information can lawfully be disclosed. Any decision to refuse a request is made at the discretion of the Global Data Protection Officer unless there is an overriding legal obligation. For example, a court order
• Advise on appropriate measures to ensure any such disclosures are made securely and in a timely manner
• Record the date of the disclosure along with details of who we have provided the information to (the name of the person and the organisation they represent), why they required it and the justification for doing so

8.  Complaints

Complaints concerning Alfa ’s use of its CCTV system or the disclosure of CCTV images should be made in writing to Global Data Protection Officer at DPO@alfasystems.com.